package com.chen.controller;

import com.chen.entity.User;
import com.chen.service.UserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.*;

import java.util.List;

/**
 * REST endpoints under {@code /user} that delegate to {@link UserService}.
 *
 * <p>Each handler is guarded by a {@code @PreAuthorize} expression.
 * NOTE(review): these expressions are only evaluated when method security is
 * enabled in the application's security configuration, which is not visible in
 * this file. Confirm it is, otherwise the role checks below are not enforced.
 */
@RestController
@RequestMapping("/user")
public class UserController {

    // Collaborator injected by Spring (field injection).
    @Autowired
    private UserService userService;

    /**
     * Lists users.
     *
     * <p>Only callers holding the USER role may invoke this handler. Per the
     * original author's note, the endpoint would be reachable by default if
     * this restriction were not configured.
     *
     * <p>NOTE(review): the {@code User} entities are returned to the client
     * as-is. The entity's fields are not visible here; if it carries
     * credential or other sensitive fields, confirm they are excluded from
     * the serialized response.
     *
     * @return the result of {@code userService.list()}
     */
    @GetMapping("/list")
    @PreAuthorize("hasRole('USER')")
    public List<User> list() {
        final List<User> users = userService.list();
        return users;
    }

    /**
     * Saves the user supplied in the request body.
     *
     * <p>Only a caller that holds the ADMIN role and whose authenticated name
     * is {@code chen} may invoke this handler.
     *
     * <p>NOTE(review): the authorization rule is tied to one literal account
     * name inside the expression, so changing who may add users means editing
     * this annotation. Also, the request body is bound directly to
     * {@code User} and passed on unchanged; whether the service validates or
     * restricts caller-supplied fields cannot be seen from here, so verify it.
     *
     * @param user the user deserialized from the request body
     */
    @PostMapping("/add")
    @PreAuthorize("hasRole('ADMIN') and authentication.name =='chen'")
    public void add(@RequestBody User user) {
        userService.saveUserDetails(user);
    }
}
